The MAILING DATE of this communication appears on the cover sheet with the correspondence address
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 



- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 



3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-21 is/are pending in the application.

4a) Of the above claim(s) 77-27 is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-16 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

DETAILED ACTION



Response to Arguments 



1. Claims 1, 2 and 5 were amended in the amendment. The pending claims
are 1-20. Claims 17-20 have been withdrawn from consideration.

Claim 2 has been amended in accordance with the suggestion in the First Office 
Action. The objection of claim 2 is withdrawn. 

Claim 5 has been amended by removing the recitation of within a pre-determined 
time frame. The rejection of claim 5 under 35 USC § 112 is withdrawn.

As argued by applicants on pages 7-9, the argument is to reverse the Office
Rejection by asserting Kraenzel and Behera do not disclose the limitations of claim 1,
especially the newly added features. Examiner respectfully traverses, and the rejection is
detailed as below.

In response to applicants' argument on pages 10-14 and 19-20 that there is no 
suggestion to combine the references, the examiner recognizes that obviousness can 
only be established by combining or modifying the teachings of the prior art to produce 
the claimed invention where there is some teaching, suggestion, or motivation to do so 
found either in the references themselves or in the knowledge generally available to one 
of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 
1988) and In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, 
Kraenzel's method is to control access to database objects by using an access control list.
Behera's method is also to control access to a database by setting up ACL rules for an
access control list. The lack of access rules in Kraenzel's access control list could be
fixed by the Behera ACL rules in order to increase the security of the method and the
system.

Application/Control Number: 09/842,577

Art Unit: 2172

In response to applicant's argument on pages 10-14 that the examiner's
conclusion of obviousness is based upon improper hindsight reasoning, it must be 
recognized that any judgment on obviousness is in a sense necessarily a reconstruction 
based upon hindsight reasoning. But so long as it takes into account only knowledge 
which was within the level of ordinary skill at the time the claimed invention was made, 
and does not include knowledge gleaned only from the applicant's disclosure, such a 
reconstruction is proper. See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 
1971). 

Applicant's arguments with respect to claims 5-15 on pages 16-17 have been 
considered but are moot in view of the new ground(s) of rejection. 



Election/Restrictions

2. This application contains claims 17-20 drawn to an invention nonelected
with traverse in Paper No. 8. A complete reply to the final rejection must include
cancelation of nonelected claims or other appropriate action (37 CFR 1.144). See MPEP
§ 821.01.

Claim Rejections - 35 USC § 102

3. The following is a quotation of the appropriate paragraphs of 35
U.S.C. 102 that form the basis for the rejections under this section made in this Office 
action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



Claims 5-11 and 13-14 are rejected under 35 U.S.C. 102(e) as being
anticipated by Kraenzel [USP 6,513,039].



Regarding claim 5, Kraenzel teaches a method for generating a profile of a
network user based on a user's access privileges stored in an access control list (ACL).
The profile generating system is a client/server system having multiple users connected
over a network, wherein users may also be connected to one or more databases via the 
network (Kraenzel, Col. 1, lines 13-18). As shown in FIG. 1, a profile compiling/updating 
object 32 may use the information received from user affinity determining object 30 to 
generate a user profile (Kraenzel, Col. 2, lines 65-67) as the step of providing capabilities 
for a user to request access to information that the user currently does not have access to. To 
prevent access to objects containing, for example, confidential or proprietary 
information, users may be assigned levels of access privileges. Access privileges may 
be, for example, read-only, edit, etc. Access privileges may be assigned by a system 
administrator and stored in an access control list or ACL (Kraenzel, Col. 1, lines 18-26).
As shown in FIG. 3, a user accesses a requested object in a database at step 152. The 
user's access privileges for the object(s) requested is retrieved at step 154. Based on 
step 154, step 156 determines whether the user's access privileges meet the minimum 
requirements set by the object administrator. If the user's access privileges meet the 
minimum requirements, step 158 retrieves the requested object, otherwise goes to step 
162-164, and step 160 presents the object(s) to the user (Kraenzel, FIG. 3, Col. 4, lines 
20-31). As seen, the state of a request either for retrieving the request object or denying
is tracked by branching to step 158 or 162 based on the obtained user's access 
privileges for the object(s) as a decision from an owner of the data requested, if the user's 
access privileges meet the minimum requirements, the requested object is implemented 
by presenting the object at step 160, or a denied notification to the user at step 164. In 
other words, the technique as discussed performs the steps of tracking a status of the 
request; obtaining a decision from an owner of the data requested; implementing the decision; 
and notifying the user of the decision. Returning to FIG. 3, if step 156 determines that the
user's access privileges do not meet the minimum requirements set by a system
administrator for that object(s), the user is denied access, and step 162 prompts the user to
complete a request for quick approval, and the request for quick approval is subjected to step 
166 as an internal exception access process. Step 166 determines if additional privileges 
as pre-established criteria have been granted. If additional privileges have been granted, 
the ACL is updated to retrieve and present the requested object to the user, or in other 
words, the quick approval is approved based on pre-established criteria (Kraenzel, Col. 4,
Lines 31-43). 

Regarding claim 6, Kraenzel teaches all the claimed subject matter as
discussed in claim 5. Kraenzel further discloses the step of obtaining at least one of an
approval decision and a disapproval decision (Kraenzel, Col. 4, lines 20-43).

Regarding claim 7, Kraenzel teaches all the claimed subject matter as
discussed in claim 5. Kraenzel further discloses the step of reviewing and auditing the
user access (Kraenzel, Col. 4, lines 20-43).

Regarding claim 8, Kraenzel teaches all the claimed subject matter as
discussed in claim 5. Kraenzel further discloses the step of creating a consistent security
model that includes centralized administration of security of the system and uses single user
profile and privilege for accessing different applications (Col. 3, lines 1-15; Col. 4, lines
20-43).

Regarding claim 9, Kraenzel teaches all the claimed subject matter as
discussed in claim 5. Kraenzel further discloses the step of creating user profiles;
providing access control to data associated with user profiles; defining permissions based on a
user identifier associated with user profiles; and developing a specification for user interfaces
(Kraenzel, Col. 3, line 1-Col. 4, line 13).

Regarding claim 10, Kraenzel teaches all the claimed subject matter as
discussed in claim 5. Kraenzel further discloses the step of providing administration of a
common security model for access control and event notification (Kraenzel, FIG. 3).

Regarding claim 11, Kraenzel teaches all the claimed subject matter as
discussed in claim 5. Kraenzel further discloses the step of updating profiles
automatically on at least one of a pre-determined timed interval and a change in organization
hierarchy (Kraenzel, Col. 3, lines 33-42).

Regarding claim 13, Kraenzel teaches all the claimed subject matter as
discussed in claim 5. Kraenzel further discloses the step of generating access list reports
that identify accessible and non-accessible data and restrictions for access (Kraenzel, Col. 1,
lines 20-26 and Col. 2, lines 12-16).

Regarding claim 14, Kraenzel teaches all the claimed subject matter as
discussed in claim 5. Kraenzel further discloses the step of retrieving information from
the centralized database in response to a specific inquiry from an administrator (Kraenzel,
Col. 4, lines 20-43).



Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of
the various claims was commonly owned at the time any inventions covered therein
were made absent any evidence to the contrary. Applicant is advised of the obligation
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was
not commonly owned at the time a later invention was made in order for the examiner to
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g)
prior art under 35 U.S.C. 103(a).

Claims 1 and 3-4 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Kraenzel [USP 6,513,039] in view of Behera [USP 6,535,879]. 

Regarding claim 1, Kraenzel teaches a method for generating a profile of a
network user based on a user's access privileges stored in an access control list (ACL).
The profile generating system is a client/server system having multiple users connected
over a network, wherein users may also be connected to one or more databases via the 
network (Kraenzel, Col. 1, lines 13-18). As shown in FIG. 1, a profile compiling/updating 
object 32 may use the information received from user affinity determining object 30 to
generate a user profile (Kraenzel, Col. 2, lines 65-67) as the step of creating an
electronic profile for a user within a centralized database. To prevent access to objects 
containing, for example, confidential or proprietary information, users may be assigned 
levels of access privileges. Access privileges may be, for example, read-only, edit, etc. 
Access privileges may be assigned by a system administrator and stored in an access 
control list or ACL (Kraenzel, Col. 1, lines 18-26) as the step of creating an ACL as an
electronic profile for data within the centralized database. As shown in FIG. 3, a user 
accesses a requested object in a database at step 152. The user's access privileges for 
the object(s) requested is retrieved at step 154. Based on step 154, step 156 
determines whether the user's access privileges meet the minimum requirements set by 
the object administrator. If the user's access privileges meet the minimum requirements, 
step 158 retrieves the requested object and step 160 presents the object(s) to the user 
(Kraenzel, Col. 4, lines 20-31). As seen, the procedure for accessing a requested object 
as discussed as methodology is established for user access. In order to grant access to a 
requested object or making a decision with reference to the user access, access privileges 
in ACL and user profile are compared, and the procedure is processed as at steps 156-158
to complete an evaluation based on the electronic profiles, and operating methodology in
response to a request from the user for access. Returning to FIG. 3, if step 156 determines
that the user's access privileges do not meet the minimum requirements set by a
system administrator for that object(s), the user is denied access, and step 162 prompts the
user to complete a request for quick approval, and the request for quick approval is subjected
to step 166 as an internal exception access process. Step 166 determines if additional
privileges as pre-established criteria have been granted. If additional privileges have
been granted, the ACL is updated to retrieve and present the requested object to the 
user, or in other words, the quick approval is approved based on pre-established criteria 
(Kraenzel, Col. 4, Lines 31-43). Kraenzel does not explicitly teach pre-determined rules 
are established, and the evaluation based on pre-determined rules. Behera teaches a 
method to control access via properties system by providing ACL rules based on the 
properties associated with the entries (Behera, Col. 1, line 64-Col. 2, line 5). Behera 
further discloses the step of establishing pre-determined rules (Behera, Col. 4, lines 25- 
54) and evaluating the pre-determined rules to grant access to a user (Behera, Col. 6, 
lines 13-16). Therefore, it would have been obvious for one of ordinary skill in the art at 
the time the invention was made to modify the Kraenzel method by applying the access 
rules to the ACL as taught by Behera in order to grant access to a user or a group to a 
particular attribute object in the database. 

Regarding claim 3, Kraenzel and Behera teach all the claimed subject
matter as discussed in claim 1. Kraenzel further discloses the step of creating data
profiles based on at least one of Data Elements, Data Tags, Rules of Access, an Approver's
Name for Each Rule of Access, Rules of Exclusion, an Exception List, and Field Tags
(Kraenzel, Col. 1, lines 13-26).

Regarding claim 4, Kraenzel and Behera teach all the claimed subject
matter as discussed in claim 3. Behera further discloses the step of establishing
pre-determined rules in the centralized database based on at least one of Rule Based Access
guidelines, Group Based Access guidelines, Search & Subscribe Utilities guidelines, Active
Positioning Monitoring guidelines, Hard Exclusion Rules guidelines, and Access Audits
guidelines; and establishing methodology to ensure timely and accurate decision making
based on criteria established by the management (Behera, Col. 4, lines 26-55).

Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Kraenzel [USP 6,513,039] in view of Behera [USP 6,535,879], CERN 
[Administrative Information Services, Oracle HR] and Lillibridge [USP 6,195,698 
B1]. 

Regarding claim 2, Kraenzel and Behera teach all the claimed subject
matter as discussed in claim 1, but fail to disclose the step of creating an electronic
profile based on information available from at least one of an OHR Application and an RFCA
Application. CERN teaches an OHR application and Lillibridge teaches an RFCA
Application (Lillibridge, Col. 8, lines 35-46). Therefore, it would have been obvious for 
one of ordinary skill in the art at the time the invention was made to modify the Kraenzel 
and Behera method by using information from OHR Application and RFCA Application 
to build the electronic profile in order to distribute object to a user or a group via IP 
address. 

Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over
Kraenzel [USP 6,513,039]. 

Regarding claim 12, Kraenzel teaches all the claimed subject matter as
discussed in claim 5. Kraenzel does not explicitly teach the step of updating profiles
automatically when a user transfers departments. However, as disclosed by Kraenzel, 
profile system 14 may automatically update a user's profile by periodically checking the 
ACL of the network. This may be performed on a routine basis, or on a random basis, 
when requested by a system administrator, or at various other instances. System 14 
may also use the above process for updating a user profile by simply adding 
supplemental information to the user profile (Kraenzel, Col. 3, lines 33-42). Thus, when 
a user transfers departments, system administrator updates the ACL, and user profile 
will be updated automatically. Therefore, it would have been obvious for one of ordinary 
skill in the art at the time the invention was made to modify the Kraenzel and Stockwell 
method by including the step of updating profiles when a user transfers department in 
order to control access to a database. 

Claim 15 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Kraenzel [USP 6,513,039] in view of Stockwell et al. [USP 5,950,195]. 

Regarding claim 15, Kraenzel teaches all the claimed subject matter as
discussed in claim 5. Kraenzel fails to teach the client system and the server system are
connected via a network and wherein the network is one of a wide area network, a local area
network, an intranet and the Internet. Stockwell discloses the client system and the server 
system are connected via a network and wherein the network is one of a wide area network, a 
local area network, an intranet and the Internet (Stockwell, Col. 4, lines 21-28). Therefore, 
it would have been obvious for one of ordinary skill in the art at the time the invention 
was made to modify the Kraenzel method by including a network in order to process the 
method for the remote users. 

Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Behera [USP 6,535,879] in view of Kraenzel [USP 6,513,039 B1]. 

Regarding claim 16, Behera teaches an LDAP as a database configured to be
protected from access by using Access Control List or ACL. The Directory Server
Administrator creates basic ACL rules that grant specific users access to certain
information in the directory (Behera, Col. 3, lines 9-37). Behera further discloses
ACL rules that comprise group based access guidelines based on the attributes to
set up the rule (Behera, Col. 4, lines 42-44) as data corresponding to at least one of Rule
Based Access guidelines, Group Based Access guidelines, Search & Subscribe Utilities 
guidelines, Active Positioning Monitoring guidelines, Hard Exclusion Rules guidelines, and 
Access Audits guidelines. As in Behera, Col. 4, lines 40-41, in order to allow access to a
specific user, user name and access privileges such as read, write are used:

ACL: (list of attrs) (allow(read) user= "prasanta")

As seen, a user can retrieve data in the database corresponding to the read
applications, the read application is cross-referenced against an access privilege (read) 
as unique identifiers, and user name as data corresponding user that cross-references 
user name against "prasanta" as unique identifier. In other words, the technique as 
discussed indicates data corresponding to applications that cross-references the applications 
data against unique identifiers; data corresponding to users that cross-references the users 
data against unique identifiers. Although the directory server matches the desired
attributes within the specified attribute fieldname with the user's attributes for allowing
access to the directory entry only if the user has the desired attribute values, Behera
fails to teach data corresponding to various methodologies that facilitates accurate decision
making. Kraenzel teaches a method for generating a profile of a network user based on 
a user's access privileges stored in an access control list (ACL). The profile generating
system is a client/server system having multiple users connected over a network,
wherein users may also be connected to one or more databases via the network 
(Kraenzel, Col. 1, lines 13-18). As shown in FIG. 3, a user accesses a requested object 
in a database at step 152. The user's access privileges for the object(s) requested is 
retrieved at step 154. Based on step 154, step 156 determines whether the user's 
access privileges meet the minimum requirements set by the object administrator. If the 
user's access privileges meet the minimum requirements, step 158 retrieves the 
requested object and step 160 presents the object(s) to the user. If, however, step 156 
determines that the user's access privileges do not meet the minimum requirements set 
by a system administrator for that object(s), step 162 determines whether the user has 
requested additional privileges from the system administrator. If additional privileges
have not been requested, step 164 notifies the user that access has been denied. 
Otherwise, step 166 determines if additional privileges have been granted. If additional 
privileges have been granted, step 168 updates the ACL and may proceed to retrieve 
and present the requested object using steps 158 and 160 respectively. If step 166 
determines that additional privileges have not been granted, the user may be notified 
that access has been denied using step 164 (Kraenzel, Col. 4, lines 20-43). As seen, 
the procedure for accessing a requested object of FIG. 3 as various methodologies that 
facilitates accurate decision making, the retrieved object and notified data are data 
corresponding to various methodologies. Therefore, it would have been obvious for one of 
ordinary skill in the art at the time the invention was made to modify the Behera 
technique by using the method of access as taught by Kraenzel in order to process an 
access request of a user. 

Conclusion 

5. Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See 
MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 
37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

6. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to HUNG Q PHAM whose telephone number is
703-605-4242. The examiner can normally be reached on Monday-Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, JOHN E BREENE can be reached on 703-305-9790. The fax phone
number for the organization where this application or proceeding is assigned is
703-872-9306.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Examiner Hung Pham 
March 18, 2004 




